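<?php
// Bootstrap for the change-password page.
//
// This file must start directly with the opening PHP tag, with no UTF-8
// byte-order mark in front of it. Any bytes before the tag are sent to the
// client as output, and once output has started the session and redirect
// headers that the includes below may send fail with "headers already sent"
// (unless output buffering is enabled). For a page that relies on a login
// redirect, that failure mode can leave the rest of the page running.

require_once("includes/session.php");

// NOTE(review): presumably stops or redirects visitors without a valid
// session; confirm in includes/session.php that it exits after redirecting.
confirm_logged_in();

require_once("includes/connection.php");
require_once("includes/functions.php");

// NOTE(review): presumably enforces a minimum access level of 1 using the
// database connection; the implementation is not visible from this file.
access_check(1, $connection);

// Emits the page header markup; everything above must run before any output.
include("includes/header.php");
?>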
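<?php
// Change-password handler.
//
// On a submitted form: verify the current password of the logged-in user,
// check that the new password was typed identically twice and is at least
// 6 characters long, then store its hash. The outcome is reported through
// $message, which the template below always prints, so it is initialised
// here to avoid an undefined-variable notice on a plain GET request.
$message = "";

if (isset($_POST['submit'])) {
	// Accept only string fields; a missing or array-valued field (e.g. "old[]=x")
	// is treated as empty instead of being passed on to the escaping helper.
	$old_raw = (isset($_POST['old']) && is_string($_POST['old'])) ? $_POST['old'] : "";
	$new_raw = (isset($_POST['new']) && is_string($_POST['new'])) ? $_POST['new'] : "";
	$confirm_raw = (isset($_POST['confirm']) && is_string($_POST['confirm'])) ? $_POST['confirm'] : "";

	// The account is taken from the session, never from the request, so a user
	// can only change their own password.
	$username = trim(mysql_prep($_SESSION['vartotojasid']));
	$old = trim(mysql_prep($old_raw));
	$new = trim(mysql_prep($new_raw));
	$confirm = trim(mysql_prep($confirm_raw));

	// NOTE(review): unsalted SHA-1 is not an adequate password hash. Moving to
	// password_hash()/password_verify() has to happen together with the login
	// code and the stored hashes, neither of which is visible from this file,
	// so the existing scheme is kept here.
	// NOTE(review): the hash is computed over the escaped value; presumably the
	// login code does the same - confirm before changing the order.
	$hashed_old = sha1($old);

	// Look up the logged-in user together with the hash of the supplied
	// current password; exactly one row means the current password is correct.
	$query = "SELECT * ";
	$query .= "FROM `vartotojas` ";
	$query .= "WHERE `vartotojas`.vartotojasid = '{$username}' ";
	$query .= "AND `vartotojas`.password = '{$hashed_old}' ";
	$query .= "LIMIT 1";
	$result_set = mysql_query($query);
	confirm_query($result_set);

	if (mysql_num_rows($result_set) !== 1) {
		// Current password did not match the stored hash.
		$message = "Neteisingas slaptažodis.<br />
					Bandykite dar kartą.";
	} elseif ($new !== $confirm) {
		// Strict comparison: with "==" PHP compares numeric-looking strings as
		// numbers, so e.g. "1e3" and "1000" would count as the same password.
		$message = "Slaptažodžiai ne sutampa.<br />
					Bandykite dar kartą.";
	} elseif (strlen($new) < 6) {
		$message = "Slaptažodis per trumpas.<br />
						Bandykite dar kartą.";
	} else {
		$found_user = mysql_fetch_array($result_set);
		$hashed_new = sha1($new);

		// Quote and escape the id like every other value placed in SQL, even
		// though it was read back from the database.
		$user_id = mysql_real_escape_string($found_user['vartotojasid']);

		$sql = "UPDATE `vartotojas` SET `password` = '" . $hashed_new . "'";
		$sql .= " WHERE `vartotojas`.`vartotojasid` = '" . $user_id . "' LIMIT 1";
		$result_set = mysql_query($sql);
		confirm_query($result_set);

		// NOTE(review): other sessions of this account are not invalidated
		// here; whether that happens elsewhere is not visible from this file.
		$message = "Slaptažodis sekmingai pakeistas.<br>";
	}
}
?>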

<article>
	<h2>Slaptažodžio keitimas</h2>
	<?php echo $message; ?>
	
  <form autocomplete="off" action="change_pass.php" method="post" >
	<table width="50%" border="0">
  <tr>
    <td>Senas slaptažodis</td>
    <td><input name="old" type="password"></td>
	</tr>
  <tr>
    <td>Naujas</td>
    <td><input name="new" type="password"></td>
  </tr>
  <tr>
    <td>Pakartot&nbsp;</td>
    <td><input name="confirm" type="password"></td>
	</tr>	
  <tr>
    <td>&nbsp;</td>
    <td><input name="submit" type="submit" value="Keisti"/></td>
  </tr>
</table>
					  </form>
</article>
				
            
<?php require("includes/footer.php"); ?>